From 0b6ef3d494237765fce573027d6b0575621e927b Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Wed, 8 Sep 2021 04:35:53 +0000
Subject: [PATCH] fix: requirements.txt to reduce vulnerabilities

The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-JINJA2-1012994
- https://snyk.io/vuln/SNYK-PYTHON-JINJA2-174126
- https://snyk.io/vuln/SNYK-PYTHON-PYYAML-42159
- https://snyk.io/vuln/SNYK-PYTHON-PYYAML-559098
- https://snyk.io/vuln/SNYK-PYTHON-PYYAML-590151
- https://snyk.io/vuln/SNYK-PYTHON-WERKZEUG-458931
---
 requirements.txt | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/requirements.txt b/requirements.txt
index 8f6695e..176d694 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -7,15 +7,16 @@ Delorean==1.0.0
 Flask==0.12.2
 humanize==0.5.1
 itsdangerous==0.24
-Jinja2==2.10
+Jinja2==2.11.3
 MarkupSafe==1.0
 pymongo==3.6.1
 python-dateutil==2.7.2
 pytz==2018.4
 tzlocal==1.5.1
-Werkzeug==0.14.1
+Werkzeug==0.15.3
 wheel==0.31.0
 zope.interface==4.5.0
 jasmine==3.1.0
 mock==2.0.0
 pyOpenSSL==17.5.0
+pyyaml>=4.2b1 # not directly required, pinned by Snyk to avoid a vulnerability